GLSA-200804-19 : PHP Toolkit: Data disclosure and Denial of Service

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200804-19
(PHP Toolkit: Data disclosure and Denial of Service)

Toni Arnold, David Sveningsson, Michal Bartoszkiewicz, and Joseph
reported that php-select does not quote parameters passed to the 'tr'
command, which could convert the '-D PHP5' argument in the
'APACHE2_OPTS' setting in the file /etc/conf.d/apache2 to lower case.

Impact :

An attacker could entice a system administrator to run 'emerge
php' or call 'php-select -t apache2 php5' directly in a
directory containing a file with a single-character lower-case name,
which would prevent Apache from loading mod_php and thereby disclose
PHP source code and cause a Denial of Service.

Workaround :

Do not run 'emerge' or 'php-select' from a working directory which
contains a file with a single-character lower-case name.
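
The quoting problem described above, as an added shell example that is not php-select's code and not part of the advisory. It assumes a script that upper-cases a version name with 'tr'; the function names and the scratch file 'x' are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; this is not php-select's code.
# Assumption: a script upper-cases a version name ("php5" -> "PHP5") with tr
# and later writes the result into a "-D ..." option.
LC_ALL=C; export LC_ALL   # make bracket ranges and tr behave predictably

# Unquoted: the shell treats [a-z] and [A-Z] as filename patterns before tr
# runs. If the working directory holds a matching one-character file name,
# the pattern is replaced by that name and tr receives different sets.
to_upper_unquoted() {
    printf '%s' "$1" | tr [a-z] [A-Z]
}

# Quoted: tr always receives the literal sets, whatever the directory holds.
to_upper_quoted() {
    printf '%s' "$1" | tr '[a-z]' '[A-Z]'
}

# Run function $1 on input $3 inside a scratch directory that contains one
# empty file named $2 (constructed fixture), and print the function's output.
run_in_dir_with_file() {
    func=$1 fname=$2 input=$3
    dir=$(mktemp -d) || return 1
    status=0
    ( cd "$dir" && : > "$fname" && "$func" "$input" ) || status=$?
    rm -rf "$dir"
    return $status
}

# Check matching the workaround: list single-character lower-case names
# in directory $1 (default: current directory).
risky_names() {
    ( cd "${1:-.}" && for f in [a-z]; do
          [ -e "$f" ] && printf '%s\n' "$f"
      done; : )
}

# With a file named "x" present, the unquoted form leaves the text lower case.
echo "unquoted: $(run_in_dir_with_file to_upper_unquoted x php5)"
echo "quoted:   $(run_in_dir_with_file to_upper_quoted x php5)"
```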
